Benelux Regulators to Apply EIOPA Guidelines on Outsourcing to Cloud Service Providers by Insurance and Reinsurance Undertakings

On 24 April 2020, the European Insurance and Occupational Pensions Authority (EIOPA) issued new guidelines on outsourcing to cloud service providers (the "Guidelines") which apply to insurance and reinsurance undertakings, supplementing the general regulatory framework based on the Solvency II Directive and Delegated Regulation 2015/35. 

Pursuant to Article 16(3) of Regulation (EU) No 1094/2010 establishing the EIOPA, which requires the competent authorities of the EU Member States to make every effort to comply with EIOPA guidelines and confirm that they intend to comply with them, the Benelux regulators have indicated their intention to apply the Guidelines. 

In Belgium, the prudential regulator for the insurance and reinsurance sector, the National Bank of Belgium ("NBB"), published a circular on 5 May 2020 (NBB_2020_018) implementing the Guidelines and clarifying the NBB's recommendations on outsourcing to cloud service providers active in the sector (available here). 

For many years, the prudential regulator of the Netherlands, the Dutch National Bank ("DNB"), has been actively been focusing on outsourcing by financial institutions, including insurance companies, to cloud service providers. EIOPA guidelines are deemed authoritative by the DNB, taken into account by the DNB and often form the basis for the DNB's own recommendations. One example is the DNB's Good Practice document for outsourcing insurers, issued in May 2019. In this document, the DNB refers extensively to the outsourcing provisions of the EIOPA Guidelines on System of Governance. The DNB applies these guidelines, specifically when supervising cloud outsourcing, to supplement the Good Practices. The DNB has indicated that it expects insurers to apply the Guidelines from 1 January 2021 to all cloud outsourcing agreements entered into or amended on or after this date. 

In Luxembourg, the supervisory authority for the insurance sector, the Commissariat aux Assurances ("CA"), confirmed in Circular 20/13 of 24 June 2020 that it will fully apply the Guidelines. Luxembourg insurance and reinsurance undertakings are therefore required to abide by the Guidelines. On this occasion, the Luxembourg regulator also recalled that outsourcing operations must comply with the obligation of professional secrecy set out in Article 300 of the amended Act of 7 December 2015 on the insurance sector. 

For further information about the scope, requirements and timeline for implementation of the Guidelines, please refer to our article on the EIOPA Guidelines on outsourcing to cloud service providers by insurance and reinsurance undertakings.

Related : NautaDutilh ( Mrs. Anne Fontaine ,  Mr. Pierre De Pauw )


Mrs. Anne Fontaine Mrs. Anne Fontaine
[email protected]
Mr. Pierre De Pauw Mr. Pierre De Pauw
Senior Associate
[email protected]

Click here to see the ad(s)
All articles Banking law

Lastest articles Banking law

New rules on pre-marketing of funds in Belgium

Alternative investment fund managers (“AIFMs”) that wish to examine to what extent investors are open to a cer...

New rules on pre-marketing of funds in Belgium Read more

Phishing: the bank is liable

"Phishing cost Belgians 34 million euros", "FPS Finance warns for fraudulent mails: 'Do not react'&...

Phishing: the bank is liable Read more

Global rise of Buy Now Pay Later: state of play in Belgium

Deferred payment methods, often called “Buy Now Pay Later (“BNPL”) solutions”, allow customers to ...

Global rise of Buy Now Pay Later: state of play in Belgium Read more

The ELTIF: amendments in the Belgian AIFM Law

On 19 April 2021, a draft law on diverse financial provisions (the “Draft Law”) was published. The Draft Law w...

Read more

Lastest articles by Mrs. Anne Fontaine

Belgium: The Twin Peaks II Reform

On 30 July 2013 the Belgian Parliament passed new legislation (the "Act") to improve the protection of users of financial ...

Read more

Belgium: amendments to the Prospectus Act and to the Prospectus Regulation

The Prospectus Directive 2003/71/EC (the "Prospectus Directive") and the Prospectus Regulation No 809/2004 (the "Prospectu...

Read more

Compliance officers

Since the entry into force on 5 April 2012 of the Royal Decree of 12 March 2012 approving the Financial Services and Marke...

Read more

Liability of Rating Agencies

Since the start of the global financial crisis in 2008, rating agencies have attracted substantial attention and been at t...

Read more

Lastest articles by Mr. Pierre De Pauw

LexGO Network